The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.

CPENameOperatorVersion
debian_linuxeq10.0
inetutilslt2.2

CPE	Name	Operator	Version
	debian_linux	eq	10.0
	inetutils	lt	2.2

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=993476

git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd

lists.debian.org/debian-lts-announce/2022/11/msg00033.html

lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html

nessus 43

cve 2

debiancve 2

ubuntucve 2

openvas 29

debian 3

osv 8

ubuntu 3

veracode 1

f5 1

alpinelinux 1

prion 1

redhatcve 1

hackerone 2

cloudlinux 1

cbl_mariner 1

ibm 7

fedora 2

photon 6

suse 2

freebsd 1

slackware 1

redhat 15

gentoo 1

amazon 1

rocky 1

mageia 1

oraclelinux 1

almalinux 1

cloudfoundry 1

rosalinux 1

apple 3

ics 2

oracle 4

nessus

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Inetutils vulnerability (USN-5177-1)

2023-10-16 00:00:00

Debian DLA-3205-1 : inetutils - LTS security update

2022-11-27 00:00:00

EulerOS Virtualization for ARM 64 3.0.6.0 : curl (EulerOS-SA-2021-1997)

2021-06-30 00:00:00

cve

CVE-2021-40491

2021-09-03 02:15:00

CVE-2020-8284

2020-12-14 20:15:00

debiancve

CVE-2021-40491

2021-09-03 02:15:00

CVE-2020-8284

2020-12-14 20:15:00

ubuntucve

CVE-2021-40491

2021-09-03 00:00:00

CVE-2020-8284

2020-12-09 00:00:00

openvas

Debian: Security Advisory (DLA-3205-1)

2022-11-26 00:00:00

Ubuntu: Security Advisory (USN-5177-1)

2023-01-27 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2022-1688)

2022-05-09 00:00:00

debian

[SECURITY] [DLA 3205-1] inetutils security update

2022-11-25 19:06:45

[SECURITY] [DLA 2500-1] curl security update

2020-12-19 02:59:56

[SECURITY] [DSA 4881-1] curl security update

2021-03-31 09:30:31

osv

inetutils vulnerability

2022-08-08 15:38:39

CVE-2020-8284

2020-12-14 20:15:13

inetutils - security update

2022-11-25 00:00:00

ubuntu

Inetutils vulnerability

2022-08-08 00:00:00

curl vulnerabilities

2020-12-09 00:00:00

curl vulnerabilities

2020-12-09 00:00:00

veracode

Phishing Attacks

2020-12-11 09:23:25

K63525058 : cURL vulnerability CVE-2020-8284

2021-02-19 00:00:00

alpinelinux

CVE-2020-8284

2020-12-14 20:15:00

prion

Code injection

2020-12-14 20:15:00

redhatcve

CVE-2020-8284

2020-12-09 17:44:52

hackerone

curl: CVE-2020-8284: trusting FTP PASV responses

2020-11-21 13:57:43

Ruby: lib/net/ftp.rb: trusting PASV responses allow client abuse

2021-04-02 15:56:47

cloudlinux

Fix of CVE: CVE-2020-8284

2020-12-02 12:00:00

cbl_mariner

CVE-2020-8284 affecting package curl 7.68.0-5

2020-12-16 04:51:58

ibm

Security Bulletin: IBM MQ is affected by a vulnerability within libcurl (CVE-2020-8284)

2021-05-19 11:57:46

Security Bulletin: cURL libcurl vulnerabilites impacting Aspera High-Speed Transfer Server and Aspera High-Speed Transfer Endpoint 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)

2021-06-04 16:40:33

Security Bulletin: cURL libcurl vulnerabilites impacting Aspera High-Speed Transfer Server, Aspera High-Speed Transfer Endpoint, Aspera Desktop Client 4.0 and earlier (CVE-2020-8284, CVE-2020-8286, CVE-2020-8285)

2021-06-04 01:09:08

fedora

[SECURITY] Fedora 32 Update: curl-7.69.1-7.fc32

2020-12-21 01:36:25

[SECURITY] Fedora 33 Update: curl-7.71.1-8.fc33

2020-12-15 01:22:19

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0346

2020-12-10 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0304

2020-12-10 00:00:00

Important Photon OS Security Update - PHSA-2020-0346

2020-12-10 00:00:00

suse

Security update for curl (moderate)

2020-12-13 00:00:00

Security update for curl (moderate)

2020-12-14 00:00:00

freebsd

cURL -- Multiple vulnerabilities

2020-12-09 00:00:00

slackware

[slackware-security] curl

2020-12-09 21:22:01

redhat

(RHSA-2021:1610) Moderate: curl security and bug fix update

2021-05-18 05:39:00

(RHSA-2021:2472) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update

2021-06-17 11:33:18

(RHSA-2021:2471) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update

2021-06-17 11:31:22

gentoo

cURL: Multiple vulnerabilities

2020-12-23 00:00:00

amazon

Medium: curl

2021-08-04 20:32:00

rocky

curl security and bug fix update

2021-05-18 05:39:00

mageia

Updated curl packages fix security vulnerabilities

2020-12-31 17:32:44

oraclelinux

curl security and bug fix update

2021-05-25 00:00:00

almalinux

Moderate: curl security and bug fix update

2021-05-18 05:39:00

cloudfoundry

USN-4665-1: curl vulnerabilities | Cloud Foundry

2021-01-12 00:00:00

rosalinux

Advisory ROSA-SA-2021-1818

2021-07-02 16:36:57

apple

About the security content of Security Update 2021-003 Mojave

2021-04-26 00:00:00

About the security content of Security Update 2021-002 Catalina

2021-04-26 00:00:00

About the security content of macOS Big Sur 11.3

2021-04-26 00:00:00

ics

Siemens SINEC INS

2022-03-10 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.4%

JSON

Related for PRION:CVE-2021-40491